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3N THE CLArMS 

In response to the Examiners Amendment in the Notice of Allowance mailed 
06/1 1/2007, please amend the claims as follows: 

1, (Currently Amended) A program stored on a computer-readable medium for 
controlling a managing computer to manage malware protection within a computer 
network containing a plurality of network connected computers, said computer program 
product comprising: 

receiving code for receiving at said managing computer a plurality of log data 
messages identifying detection of malware by respective ones of said plurality of network 
connected computers; 

detecting code for detecting from said plurality of log data messages received by 
said managing computer a pattern and a network-wide threshold of malware detection 
across said plurality of network connected computers matching at least one 
predetermined trigger, the network-wide threshold being applied to a sum of detections, 
the detections each being associated with a different one[{ :]] of the[[ :]] network- 
connected computers; 

wherein said plurality of network connected computers each have a malware 
scanner for scanning computer files to detect malware within said computer files; 

action performing code, responsive to detection of one of said at least one 
predetermined trigger to perform at least one predetermined anti-malware action; 

wherein predefined network-wide thresholds and patterns are provided as 
templates; and 
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wherein the predefined network-wide thresholds and patterns are customized 
based on [[the]]a network being protected. 

2. (Cancelled) 

3. (Previously Presented) A program stored on a computer-readable medium as 
claimed in claim 1 , wherein said malware scantier includes malware definition data for 
identifying malware to be detected. 

4. (Previously Presented) A program stored on a computer-readable medium as 
claimed in claim 3, wherein said at least one predetermined anti -malware action includes 
forcing an update of malware definition data being used by one or more of said plurality 
of network connected computers. 

5. (Previously Presented) A program stored on a computer-readable medium as 
claimed in claim I, wherein said at. least one predetermined anti-mahvare action includes 
altering at least one scanner setting of at least one of said malware scanners such that said 
at least one of said malware scanners performs more thorough malware scanning. 

6. (Previously Presented) A program stored on a computer-readable medium as 
claimed in claim 1, wherein said at least one predetermined anti-mahvare action includes 
isolating at least one of said network connected computers from other parts of said 
computer network. 
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7. (Previously Presented) A program stored on a computer-readable medium as 
claimed in claim 1, wherein said managing computer stores said plurality of log data 
messages within a database, 

8. (Previously Presented) A program stored on a computer-readable medium as 
claimed in claim 7, wherein said detecting code is operable to query said database. 

9. (Previously Presented) A program stored on a computer-readable medium as 
claimed in claim 7, wherein said database includes data identifying at least one of: 

maiware protection mechanisms used by respective network connected 
computers; 

versions of maiware protection computer programs used by respective network, 
connected computers; 

versions of maiware definition data used by respective network connected 
computers; and 

security settings of maiware protection mechanisms used by respective network 
connected computers. 

10. (Currently Amended) A method of managing maiware protection within a 
computer network containing a plurality of network connected computers, said method 
comprising the steps of: 



-5- 

receivmg at a managing computer a plurality of log data messages identifying 
detection of malware by respective ones of said plurality of network connected 
computers; 

detecting from said plurality of log data messages received by said managing 
computer a pattern and a network-wide threshold of malware detection across said 
plurality of network connected computers matching at least one predetermined trigger, 
the network-wide threshold being applied to a sum of detections, the detections each 
being associated with a different one of the network connected computers, 

wherein said plurality of network connected computers each have a malware 
scanner that serves to scan computer files to d e teeted detect malware within said computer 
files; 

in response to detection of said at least one predetermined trigger, performing at 
least one predetermined anti-malware action; 

wherein predefined network-wide thresholds and patterns are provided as 
templates; and 

wherein the predefined network-wide thresholds and patterns are customized 
based on [[the]]a network being protected. 

11. (Cancelled) 

1 2, (Previously Presented) A method as claimed in claim 1 0, wherein said 
malware scanner uses malware definition data to identify malware to be detected. 
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13. (Previously Presented) A method as claimed in claim 12, wherein said at least 
one predetermined anti-malware action includes forcing an update of mal ware definition 
data being used by at least one of said plurality of network connected computers. 

14. (Previously Presented) A method as claimed in claim 1 0, wherein said at least 
one predetermined anti-malware action includes altering at least one scanner setting of at 
least one ma! ware scanner such that said roaiware scanner performs more thorough 

mal ware scanning 

15. (Previously Presented) A method as claimed in claim 10, wherein said at least 
one predetermined anti-malware action includes isolating at least one of said network 
connected computers from other parts of said computer network. 

16. (Original) A method as claimed in claim 10, wherein said managing computer 
stores said plural ity of log data messages within a database. 

17. (Previously Presented) A method as claimed in claim 16, wherein said 
detecting step includes querying said database. 

18. (Previously Presented) A method as claimed in claim 16, wherein said 
database includes data identifying at least one of: 

mal ware protection mechanisms used by respective network connected 
computers; 
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versions of malware protection computer programs used by respective network 
con n ected computers; 

versions of malware definition data used by respective network connected 
computers; and 

security settings of malware protection mechanisms used by respective network 
connected computers. 

19. (Currently Amended) Apparatus for managing malware protection within a 
computer network said computer network containing a plurality of network connected 
computers, said apparatus comprising: 

receiving logic for receiving at a managing computer a plurality of log data 
messages identifying detection of malware by respective ones of said plurality of network 
conn ected computers; 

detecting logic for detecting from said plurality of log data messages received by 
said managing computer a pattern and a network-wide threshold of malware detection 
across said plurality of network connected computers matching at least one 
predetermined trigger, the network- wide threshold being applied to a sum of detections, 
the detections each being associated with a different one of the network connected 
computers; 

wherein each of said plurality of network connected computers have a malware 
scanner that serves to scan computer files to deteeteddetect malware within said computer 
flies. 
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action performing logic, in response to detection of at least one predetermined 
trigger, for performing at least one predetermined anti-malware action; 

wherein predefined network-wide thresholds and patterns are provided as 
templates, and 

wherein the predefined network-wide thresholds and patterns are customized 
based on [[the]]a network being protected. 

20. (Cancelled) 

21, (Previously Presented) Apparatus as claimed in claim 19, wherein said 
malware scanner includes malware definition data to identify malware to be detected , 

22, (Previously Presented) Apparatus as claimed in claim 21, wherein said at least 
one predetermined anti-malware action includes forcing an update of malware definition 
data in at least one of said plurality of network connected computers. 

23. (Previously Presented) Apparatus as claimed in claim 19, wherein said at least 
one predetermined anti-malware action includes altering at least one scanner setting of at 
least one malware scanner such that said malware scanner performs more thorough 
malware scanning. 
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24. (Previously Presented) Apparatus as claimed in claim 19, wherein said at least 
one predetermined anti-malware action includes isolating at least one of said network 
connected computers from other parts of said computer network. 

25. (Original) Apparatus as claimed in claim 19, wherein said managing computer 
stores said plurality of log data messages within a database. 

26. (Original) Apparatus as claimed in claim 25, wherein said detecting logic is 
operable to query said database. 

27. (Previously Presented) Apparatus as claimed in claim 25, wherein said 
database includes data identifying at least one of: 

malware protection mechanisms used by respective network connected 
computers; 

versions of malware protection computer programs used by respective network 
connected computers; 

versions of malware definition data used by respective network connected 
computers; and 

security settings of malware protection mechanisms used by respective network- 
connected computers . 



28. (Cancelled) 
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29. (Cancelled) 

30. (Previously Presented) A program stored on a computer-readable medium as 
claimed in claim 1 , wherein said at least one predetermined anti-malware action is 
targeted to a particular threat so as to reduce network traffic. 

31. (Previously Presented) A program stored on a computer-readable medium as 
claimed in claim 1, wherein a plurality of said net work connected computers associated 
with said detections utilize outdated malware definition data. 

32. (Previously Presented) A program stored on a computer-readable medium as 
claimed in claim 3 1 , wherein said at least one predetermined anti-malware action 
includes updating only said network connected computers that utilize said outdated 
malware definition data. 

33. (Previously Presented) A program stored on a computer-readable medium as 
claimed in claim I, wherein a plurality of said network, connected computers associated 
with said detections are connected to a particular server, 

34. (Previously Presented) A program stored on a computer-readable medium as 
claimed in claim 32, wherein said at least one predetermined anti-malware action 
includes isolating only said particular server and said network connected computers 
connected thereto. 



